[SpamCop-List] Re: Why won't this work?

[John E. Malmberg]

I'm_a_victim wrote:

> 
> Well I understand the replies. My problem is that I am running our of 
> available "blocks". I use Yahoo and there are only 200 blocks available. I 
> am rapidly filling them up.

It is easy to find examples of spam blocking and filtering that do not work.

It is also easy to find examples of spam blocking and filtering that do 
work.

Unfortunately the ones that do not work well are the most popular for 
the following reasons:

1. The ones that work are free, or low cost, so they do not buy 
advertising in the trade press, or put products on the shelf at the 
computer stores.

2. The ones that work give instant feedback to real senders if their 
message was blocked by mistake.  This makes any errors visible.  When a 
real message is blocked by a service that tags or quarantines spam, in 
most cases neither the sender or the recipient knows.

3. Most of ones that work do not allow per-user's exemption or setting, 
and if they are working properly they do not need it.  Having a per-user 
customization generally indicates an acknowledgment that the filter 
method is too flawed to be trusted.

4. The ones that work require that the sending ISP fix the problem for 
their users to send e-mail.  This is considered unfair by some because 
it punishes the ISP's customer.

Back when spamcop.net evidence was more readily available, in the cases 
I looked up from complaints in this forum generally showed that that the 
ISP's that told their customers that they did not know why the block was 
in place had been receiving reports for about 1 week before the 
threshold got high enough to cause a block.

The network staff that I used to work with would be embarrassed if it 
took them more than 2 minutes to isolate a problem system on the 
network, and that was with out automatic systems.

> My blocking spam is no incentive for an ISP that hosts a spammer to stop the 
> spam.

That is because the service you mentioned is apparently not blocking 
spam.  They are apparently accepting it, and either tagging it or 
blackholing it it.  Neither provides any feedback to spam supporting 
networks.  Both allow spam supporting networks to mix spam and real 
e-mail from the same mail servers.

Reporting your spam through spamcop.net causes many mail servers to 
consider not accepting spam from that I.P. address.

Also please go read the FAQ http://www.spews.org.

> I would think that many US based ISP would be interested in blocking the 
> 60 - 80% of the traffic that is spam. We are rapidly approaching the point 
> where people will stop using email because of all the crap coming from the 
> spammers.

They are not because apparently the people that are paying attention to 
the profit and loss at the ISP are not looking at a line item for how 
much it is costing them.

If they did, they would use effective spam blocking.

However they have a small but vocal customer base that thinks that all 
spam blocking is evil because of the small risk it could block a real 
message by mistake.

What these vocal customers and these ISPs do not realize is that 
statistically by allowing the spam into the mail server to begin with, 
they are increasing the chances that real e-mail will get silently lost.

For mail servers that refuse e-mail from spam and virus sources, I see 
only a small number of users asking questions about why a block was in 
place so a message was refused, and that issue gets a quick answer.

 From the mail servers that try to sort spam by content and individual 
preferences, I see lots of reports of servers being unexpectedly down, 
and mail being lost.

> If a foreign spammer ISP isn't interested enough to shut down the spammer 
> then shut 100% of all email for a week or 2 or more on repeated violations.

My main postmasters will not remove the block until given a reason by 
one of their customers, and it does not take two violations to get on 
that block.  For some countries, 1 spam report gets at least a /24 (256 
addresses in layman's terms) blocked.

> from all domains from that ISP. The legit customers would complain and 
> probably start switching ISP. If enough customers switched that would be the 
> incentive for the ISP to actually shut down / off the spammers.

There are ISPs that do that.  AOL.COM is one that will put in a domain 
wide block from an ISP that allows spam.  That is known because it was 
in the media.  The blocked ISP complained for 48 hours that it was 
unreasonable and impractical for them to solve the problem.  After about 
72 hours of the block, the blocked ISP discovered that it was practical 
to fix the problem and did so.

> Oh well thanks for replies. 

The issue is not that it can not be done, it is that your ISP either 
does not understand how much extra it is costing them to accept spam 
from known spam sources, or they do not care as long as they can pass 
the added cost on to their customers.

And it may be that their customers are not aware of how much of their 
ISP bill is going to pay for the costs incurred for allowing spam into 
the mail server, and how much less reliable it makes the mail server.

In the "LOUNGE" section of the web forum for spamcop.net, there is a
pinned topic on the "cost of spam".

What you need to do is learn about the costs of spam, and get the other 
users of your ISP aware.

One of the key things missing from the U.S. CAN-SPAM law is some 
incentive to punish an ISP that is either knowingly allowing a spammer 
to violate the CAN-SPAM law, or by their inaction is allowing spammers 
to route through an insecure system on their network.

A full service ISP should be able to shut down the spew from a 
compromised computer in far less than one hour.  The worst case for 
other networks should be one business day.

If you are in the U.S. call your congress person on the phone and ask 
them why those provisions are not present.  Get all your friends and 
neighbors to also call.

Using the phone ties up their staffers, so they have to pay more 
attention.  E-mails and letters can sit in a queue ignored until a 
bed-bug response is sent.

-John
wb8tyw at qsl.network
Personal Opinion Only